A Solid Baseline; PowerPoint Melvinisms; Renewal Plan; more
What is the best way to get some solid baseline security information at
minimum cost (in other words, where we stand vs. where we should be)?
Perhaps MBSA, port scanners or Microsoft best practices? What about the
rtr/switch side? We’ve done multiple things at my company, but I’d appreciate
—Name withheld upon request
Have time to listen to a long rant? Seriously, there’s no shortcut
to a solid baseline. A good approach would be an internal audit by an
IT-knowledgeable auditor. Many excellent financial auditors have little
understanding of IT. The auditor must know IT and be up on the latest
generally accepted security standards on the operating systems, applications
and infrastructure that you have. The reason I say use an auditor is because
you get the benefit of someone who’s not on your IT staff.
All of the things you mention are good starts and cheaper than hiring
an auditor. If the scope of your assessment is just Microsoft operating
systems, and you don’t know or have IT knowledgeable auditors, then, yes,
the documents on security operations is a good place to start. They can
also provide security templates that you can use in Security Configuration
and Analysis to a reading on how you match up to Microsoft’s suggestions.
But, ultimately, the question of where you need to be is a lot more than
just looking at the Microsoft recommendations.
I get asked this question a lot, and I plan to have a partial answer
in an upcoming Security Watch newsletter. (You can subscribe at MCPmag.com.)
Let me know how you make out.
I just read April’s “Call Me Certifiable” column, “How PowerPoint Is Like
Melvin.” As an instructor at a technical college, I find the use of PowerPoint
presentations very useful in my classes. It takes all kinds of teaching
aids to keep the students’ attention. Some are more visual learners that
others. I’d be lost with out it.
—Ken Scheler, MCSA/MCSE Instructor
This is the guaranteed cure for PowerPoint Melvinism: http://www.apple.com/keynote/.
—Eric Silberman, MCSE: Security, CCNA
I’ve worked with an environmental engineering firm for the past 10 years, and I’m a content PowerPoint user. In fact,
I got my boss to buy a projector in 1996 so that we could make dazzling presentations to win more contracts—and it was hugely successful. There were times we dealt with regulators while representing our clients and were able to better explain our approach, often innovative and outperforming than the “prescribed” state methods, using animations in PowerPoint.
Believe me, the only way they can take PowerPoint away from me is by prying it from my cold, dead hands.
However, I don’t doubt that there aren’t enough people qualified to deal
with PowerPoint. An amateur can easily screw things up for me and not
realize it. I’d wholeheartedly support the idea of having a PowerPoint
Huntington Beach, California
Did I neglect to mention that I, too, am a content PowerPoint user?
Oh, not so much lately, but in my salad days, I used to teach training
courses to developers, and the PowerPoint slides anchored the day. One
key, of course, is to make sure that the slides guide your presentation
rather than just reading them to an increasingly sleepy reader.
—Em C. Pea
The Real Motivation Behind Outsourcing
Europe has been living with the outsourcing situation for some years already,
but for different reasons perhaps than the U.S. Many of our IS/IT managers
don’t have the will to make IT decisions, because they fear for their
own positions in doing so. It is easier to buy from outside and have someone
else to blame when things go wrong instead of taking charge of a situation.
So, even if a Microsoft LAN/WAN infrastructure is heavily implemented throughout most European companies—and the fact that those technologies can cover both simple and complex needs—politics will often decide what they do. Often, MCPs find themselves unable to utilize much of the built-in functionality because IS/IT managers will decide to buy from several different providers.
But, it would be unwise for any business to outsource services and decisions concerning infrastructure. They should have their own qualified resources—helping them in analyzing, planning, testing, and deployments—ensuring the best possible platform to work on (both for productivity and security matters).
Few other than Microsoft Certified Professionals can accomplish this
—Baard Erlend Schoyen, MCSE
I recertify based on needs at work. As we are a Microsoft shop, change
is constant, and so are Microsoft exams. I find the study/upgrade process
a kick in the rear to make me learn the product more deeply than I would
otherwise, so I keep playing the game. It helps that my employer picks
up the cost). I also enjoy the jokes that my co-workers make about my
being the certification poster boy. I wouldn’t learn the breadth of the
products if it weren’t for certification, so it works for me.
—Bryan Colombo, MCSE, MCT
Colorado Springs, Colorado
Sounds like you’ve got the right idea (or at least the same one that
Auntie has, and that’s the same thing, right?). Over the long run, the
certifications that mean the most—and that contribute to your professional
pride—are those that actually reflect your knowledge.
—Em C. Pea
Have a question or comment about an article or letter that appeared in MCP Magazine?